mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add basic DoS prevention measures
This commit is contained in:
parent
dc67e46010
commit
f069688a9a
@ -5,6 +5,9 @@
|
|||||||
#
|
#
|
||||||
# Also uncomment URL rewriting and SSL configuration below
|
# Also uncomment URL rewriting and SSL configuration below
|
||||||
|
|
||||||
|
limit_req_zone $binary_remote_addr zone=api:10m rate=30r/m;
|
||||||
|
limit_conn_zone $binary_remote_addr zone=addr:10m;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name {{ common_name }};
|
server_name {{ common_name }};
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
@ -18,10 +21,13 @@ server {
|
|||||||
# ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
|
# ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
|
||||||
# ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
|
# ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
|
|
||||||
root {{static_path}};
|
root {{static_path}};
|
||||||
|
|
||||||
|
# Basic DoS prevention measures
|
||||||
|
limit_conn addr 10;
|
||||||
|
client_body_timeout 5s;
|
||||||
|
client_header_timeout 5s;
|
||||||
|
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://127.0.1.1:8080/api/;
|
proxy_pass http://127.0.1.1:8080/api/;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
@ -30,6 +36,7 @@ server {
|
|||||||
proxy_send_timeout 600;
|
proxy_send_timeout 600;
|
||||||
proxy_read_timeout 600;
|
proxy_read_timeout 600;
|
||||||
send_timeout 600;
|
send_timeout 600;
|
||||||
|
limit_req zone=api burst=5;
|
||||||
}
|
}
|
||||||
|
|
||||||
# This is for Let's Encrypt
|
# This is for Let's Encrypt
|
||||||
|
Loading…
Reference in New Issue
Block a user